Ad Widget

**Anth0ny** · 23-06-2010, 07:45

something like this:

subject: [{TRIGGER.SEVERITY}] @ {HOSTNAME} : {TRIGGER.NAME} , checked at {DATE}, {TIME}

body:

Event Time: {EVENT.DATE},{EVENT.TIME}
Target Host: {HOSTNAME} ({IPADDRESS})
Caused by Check: {ITEM.NAME}
Situation Severity: {TRIGGER.SEVERITY}

[EVENT DESCRIPTION (if available)]
{TRIGGER.COMMENT}

[TECHNICAL INFORMATION]
State of parameter "{TRIGGER.NAME}" for host "{HOSTNAME}" changed to status "{TRIGGER.STATUS}", because it's last responce is "{ITEM.LASTVALUE}".

[ESCALATION]
Event age: {EVENT.AGE}

**rboersma** · 23-06-2010, 11:41

Hi,

Is there a list with the different severity levels that are coherent to the windows event viewer.
I'm now using severity 4 in my trigger, which refers to "Error" in the event viewer.
In windows 2008 MS introduced the "Critical" message in the event log. To which number does the variable "logseverity" connect to "Critical " in the event viewer?

**Anth0ny** · 23-06-2010, 11:43

1 - information
2 - warning
4 - error
7 - AUDIT_FAILURE
8 - AUDIT_SUCCESS

**rboersma** · 23-06-2010, 12:46

thanks,

Any idea what number will read "critical". The new windows 2008 log level?

I have checked active.c in the source from zabbix agent and found the following:

case EVENTLOG_SUCCESS:
case EVENTLOG_INFORMATION_TYPE:
severity = 1;
zbx_snprintf(str_severity, sizeof(str_severity), INFORMATION_TYPE);
break;
case EVENTLOG_WARNING_TYPE:
severity = 2;
zbx_snprintf(str_severity, sizeof(str_severity), WARNING_TYPE);
break;
case EVENTLOG_ERROR_TYPE:
severity = 4;
zbx_snprintf(str_severity, sizeof(str_severity), ERROR_TYPE);
break;
case EVENTLOG_AUDIT_FAILURE:
severity = 7;
zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_FAILURE);
break;
case EVENTLOG_AUDIT_SUCCESS:
severity = 8;
zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_SUCCESS);
break;

I suppose "CRITICAL" is not yet part of the program.
How do i get this into next release?

**Anth0ny** · 28-06-2010, 09:54

Originally posted by rboersma

thanks,

Any idea what number will read "critical". The new windows 2008 log level?

I have checked active.c in the source from zabbix agent and found the following:

case EVENTLOG_SUCCESS:
case EVENTLOG_INFORMATION_TYPE:
severity = 1;
zbx_snprintf(str_severity, sizeof(str_severity), INFORMATION_TYPE);
break;
case EVENTLOG_WARNING_TYPE:
severity = 2;
zbx_snprintf(str_severity, sizeof(str_severity), WARNING_TYPE);
break;
case EVENTLOG_ERROR_TYPE:
severity = 4;
zbx_snprintf(str_severity, sizeof(str_severity), ERROR_TYPE);
break;
case EVENTLOG_AUDIT_FAILURE:
severity = 7;
zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_FAILURE);
break;
case EVENTLOG_AUDIT_SUCCESS:
severity = 8;
zbx_snprintf(str_severity, sizeof(str_severity), AUDIT_SUCCESS);
break;

I suppose "CRITICAL" is not yet part of the program.
How do i get this into next release?

severity:

2 =warning = warning
4 = error = critical

**rboersma** · 28-06-2010, 13:19

The windows event log in 2008 and 2008r2 has en NEW level called Critical. so:
Error = 4
warning = 2
critical = NOT YET IMPLEMENTED
Information = 1
Success audit = 8
success failure = 7
I posted a feature request for the new agent release.

Ad Widget

windows event log

windows event log

Comment

Comment

Comment

Comment

Comment

Comment